actxproxy.dll
Arup
April 8th, 2005, 11:07 PM
This is the dll responsible for most of the leaks based with IE, by blocking it, many of the tests can be effectively passed.
If anyone else tries this out, please post your feedback.
c:\windows\system32\actxproxy.dll
Diver
April 9th, 2005, 09:21 AM
When you click on a link in a help file, will you get the internet page that you are supposed to get? Will Windows update work? If you have to disable your system to pass leak tests, all you have accomplished is disabling your system. It is like saying my system will pass all leak tests when power to the modem is off.
Some people use Maxthon to pass the leak tests. Iexplore.exe is deleted.
Just remember, when you are running those tests, you know you are running a test. What any user, even an experienced one would do during an actual exploit is less certain. For some reason anecdotal reports of persons discovering, via a firewall warning, their PC is infected are lacking. Either they said yes the first time the firewall asked and forgot about it, or it just is not happening that way, or the trojans are using communications drivers, or terminating the firewalls. What I do see frequently are persons who changed AV brands and found an infection, or a lot of them. I wonder if the trojan disabled their brain, AV, firewall, or all three?
Just wondering
April 9th, 2005, 09:52 AM
Quote from Diver:
For some reason anecdotal reports of persons discovering, via a firewall warning, their PC is infected are lacking. Either they said yes the first time the firewall asked and forgot about it, or it just is not happening that way, or the trojans are using communications drivers, or terminating the firewalls. What I do see frequently are persons who changed AV brands and found an infection, or a lot of them. I wonder if the trojan disabled their brain, AV, firewall, or all three?
What exactly are you trying to say...I notice quite often, I can understand most of what you say..but then you get to a point, to me anyway, your logic gets muddled....and you are very hard to follow.
Diver
April 9th, 2005, 10:19 AM
There is nothing about what I wrote that is hard to understand or of muddled logic. You don't see it because you do not want to.
Your statement is a crude attempt to discredit someone without actually having anything to say, and it borders on being a personal attack.
Arup
April 9th, 2005, 10:19 AM
Diver,
This is just my observation and recommendation based on my experiment, I have IE set to ask mode with either Kerio 2.15 or NetVeda, I am not concerned about leak tests, but am seriously concerned about IE exploits.
I have been using Opera since version 2 and continue to do so with version 8 and my only other alternate browser is FF.
Just wondering
April 9th, 2005, 10:33 AM
No, I did not understand what you were trying to say in that passage I quoted.
That's why I wanted you to clarify. I understood the first part fine.
And yes, for the most part ....The only thing we seem to agree on.....
...............................IS TO DISAGREE...............................
Diver
April 9th, 2005, 11:21 AM
Just Wondering
It is OK to disagree. I can understand you without the caps turned on, which is considered to be impolite.
There will be no further explanation of what you quoted, as none is needed. You ought to register for the board.
Arup-
What class of IE exploits requires a block on the program other than one where the trojan that could start IE is already on your machine, because any other kind of exploit requires you to use IE first? That gets back to the old bit about why did it get there undetected by your AV, how did it get activated without you realizing it, and so forth.
Arup
April 9th, 2005, 11:30 AM
Diver,
To my knowledge, there are no AVs out there that can truly detect a brand new virus, by chance if one gets it, the block is a good protection as IE is the platform they use to launch it.
http://www.ebcvg.com/articles.php?id=666
Read the above link and see what I mean exactly.
Just wondering
April 9th, 2005, 11:42 AM
I would still be the same person....registered or not.
I wasn't trying to be rude....just stressing a point.
I really don't understand your point.....It makes no difference...if your defences are none...minimal...or a tank. A virus say...somehow got on any machine.
"the old bit about why did it get there undetected by your AV, how did it get activated without you realizing it, and so forth."
How are you saying that you, me or anyone is immune from that happening, or a sure fire way to prevent that?
Kerodo
April 9th, 2005, 04:03 PM
Just curious, but how many of us here have actually been the victim of an IE exploit? I have been using IE for many years (except for a period when I used FF), and I have never had any IE exploits happen here, save for an infected file popping up in my IE cache once, but that can happen in FF too. What exactly are we afraid of happening? I would like to know, because I admit that I too am a little wary of things that MIGHT happen when using IE. Yet, in all this time, I have never once had anything happen. Are we just living in fear all the time, using numerous security apps, trying to protect against the event that will never occur?
Just wondering
April 9th, 2005, 04:54 PM
Good question, Kerodo.
About the same time as I started reading Wilders and getting DSL, I had a nasty little exploit called 5sec biz that used explorer.exe. I've googled on it and found very very little info on it....it seemed to mess with the FW...and wasn't so noticeable on dial up...if I booted up with a FW..any FW, I would get the msg...explorer.exe was having problems..and did I want to send MS a report....yada yada ...then when I got DSL the problem got worse...since I was online all the time....it seemed to pulse all the time...Outpost seemed to keep it in check....it blew right thru Sygate...I forget where it was sending to. Every few secs...sending, sending, sending. I tried every tool and then some. KAV, TDS etc. Nothing found it.
So yes, I am leery of what is being sent out on my machine, and to whom.
I want to....when things settle down....use this machine for light bookkeeping..my G/F's occasional foray to ebay...state taxes...etc.
My weakest area....is FW's and correct settings...most security apps are pretty EZ to figure out....But yipes...me and FW's.
I figure if I can nail down even 1 known exploit...that is 1 less thing for me to worry about...be it windows...explorer.exe. IEexplorer.
I rarely get any alerts....just an occasional...Windows wants to do some sort of housecleaning....which I deny until I can get some info on it.
Ye gads....seems like everything is sending something out...I feel ....they have to "need to know"
Arup
April 9th, 2005, 10:36 PM
A long time back when I was using Kerio 2.15, I got affected with a worm, probably from someone who kindly bought me his collection of MP3, this would turn off my Kerio and also make svchost.exe crash from time to time, I was running AntiVir which at that time did not detect the worm, it was only after a few months that Google had information on this worm, I had to format and reinstall my OS, my current installation of Win2K is almost 2 1/2 years old, one of the reasons this OS went so long is due to MS's implementation of patches as well as good FW rule setting and vigilant practices.
Kerodo
April 9th, 2005, 10:39 PM
I was wondering mostly about IE exploits.. If anyone had ever had something happen as a result of using IE.
Arup
April 10th, 2005, 07:58 AM
Spanner,
That's the right one, sorry for the typo, this dll allows any program to access port 80 via IE.
Arup
April 10th, 2005, 08:21 PM
Spanner,
Don't rename it, just block it in your firewall.
Arup
April 10th, 2005, 09:43 PM
Spanner,
I never use IE, only Opera and Firefox but if you like IE, there is a very good and free browser using IE engine called Maxthon which has none of the bugs or loopholes of IE and is quite fast, almost as fast as Opera.
nick s
April 10th, 2005, 10:03 PM
One side-effect of blocking actxprxy.dll (in my case with Outpost) is that when you use "Open in New Window" and then block it when prompted, the new window loads but you will then no longer be able to browse until you restart IE.
Nick
Arup
April 10th, 2005, 11:25 PM
Absolutely right, it is the same process of opening new IE windows that also allows other programs like Wallbreaker, PC Audit etc. to spawn through IE.
nick s
April 10th, 2005, 11:42 PM
Hi Arup,
I also see svchost.exe uses actxprxy.dll at XP startup. Blocking causes no apparent loss of functionality yet. (I rarely use IE; just playing around.)
10:02:45 PM svchost.exe OUT REFUSED UDP localhost 1028 Blocked by Component Control
10:02:45 PM svchost.exe OUT REFUSED UDP localhost 1027 Blocked by Component Control
10:02:36 PM svchost.exe OUT REFUSED UDP 239.255.255.250 1900 Blocked by Component Control
10:02:36 PM svchost.exe OUT REFUSED UDP 239.255.255.250 1900 Blocked by Component Control
Nick
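
Added example (not part of the thread, and not any poster's code): a small triage script for blocked-connection log lines like the ones quoted in the post above, separating traffic that never leaves the machine or LAN from traffic that would. The field layout is inferred from those quoted lines, the iexplore.exe line in the sample is constructed, and the names scope and triage are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: three lines in the layout quoted in the post above,
# plus one invented iexplore.exe entry to show a non-local destination.
SAMPLE_LOG = """\
10:02:45 PM svchost.exe OUT REFUSED UDP localhost 1028 Blocked by Component Control
10:02:45 PM svchost.exe OUT REFUSED UDP localhost 1027 Blocked by Component Control
10:02:36 PM svchost.exe OUT REFUSED UDP 239.255.255.250 1900 Blocked by Component Control
10:03:10 PM iexplore.exe OUT REFUSED TCP www.example.com 80 Blocked by Component Control
"""

# Field layout inferred from the quoted lines (an assumption, not a documented format).
LINE_RE = re.compile(
    r"^(?P<time>\d{1,2}:\d{2}:\d{2} [AP]M) (?P<proc>\S+) (?P<dir>IN|OUT) "
    r"(?P<action>\S+) (?P<proto>TCP|UDP) (?P<host>\S+) (?P<port>\d+) (?P<reason>.+)$"
)

def scope(host, port, proto):
    """Say how far the refused packet would have travelled."""
    if host.lower() == "localhost":
        return "loopback"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "remote"  # a hostname: assume it leaves the machine
    if ip.is_loopback:
        return "loopback"
    if ip.is_multicast:
        # 239.255.255.250:1900/UDP is the SSDP (UPnP discovery) group.
        ssdp = str(ip) == "239.255.255.250" and port == 1900 and proto == "UDP"
        return "ssdp-multicast" if ssdp else "multicast"
    return "lan" if ip.is_private else "remote"

def triage(log_text):
    """Return (Counter keyed by (process, scope), entries leaving the local network)."""
    counts, review = Counter(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        s = scope(m["host"], int(m["port"]), m["proto"])
        counts[(m["proc"], s)] += 1
        if s == "remote":
            review.append((m["time"], m["proc"], m["host"], int(m["port"])))
    return counts, review
```

Calling triage(SAMPLE_LOG) files the three svchost.exe entries under loopback and SSDP discovery and leaves only the constructed iexplore.exe entry in the review list.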
Just wondering
April 11th, 2005, 09:57 AM
Here is one answer to your question ....Kerodo
http://www.pcflank.com/news040405.htm
Kerodo
April 11th, 2005, 11:09 PM
Thanks JW... that's the kind of thing I'm interested in learning about... I have switched back to Firefox for now...
Arup
April 11th, 2005, 11:16 PM
One of the reasons I have been relatively hack and virus free over the years is due to my using Opera as main and only browser and have always set IE to ask mode in my firewall. Now with Avast adding the web shield, things are even better.
Kerodo
April 11th, 2005, 11:23 PM
So Avast's web shield works ok with Opera? So far I've only tested IE and Firefox with Avast, and both work fine. I do have Opera here also though..
Copyright ©2002 - 2010, Wilders Security Forums